Vulnerabilities > CVE-2018-1463 - Incorrect Authorization vulnerability in IBM products

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

CWE-863

NVD

Published: 2018-05-17

Updated: 2020-08-19

Summary

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM Storwize V7000 Firmware * IBM Storwize V5000 Firmware * IBM Storwize V3700 Firmware * IBM Storwize V3500 Firmware * IBM Storwize V9000 Firmware * IBM SAN Volume Controller Firmware *	6
Hardware	Ibm IBM Storwize V7000 - IBM Storwize V5000 - IBM Storwize V3700 - IBM Storwize V3500 - IBM Storwize V9000 - IBM SAN Volume Controller -	6
Application	Ibm IBM Spectrum Virtualize * IBM Spectrum Virtualize FOR Public Cloud *	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/147601/ibmflashsystemstorwize-filereadxsrf.txt
id	PACKETSTORM:147601
last seen	2018-05-15
published	2018-05-14
reporter	Jan Bee
source	https://packetstormsecurity.com/files/147601/IBM-Flashsystem-Storwize-CSRF-Arbitrary-File-Read-Information-Disclosure.html
title	IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References